package com.zzy.springboot_security.config;

import com.zzy.springboot_security.service.UserService;
import com.zzy.springboot_security.service.impl.UserServiceImpl;
import com.zzy.springboot_security.utils.MD5Util;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author ZhuZhengYang
 * @description TODO
 * @since 2022/1/19
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UserServiceImpl userService;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //定制授权的请求规则
        //首页所有人可以访问
        http.authorizeHttpRequests().antMatchers("/").permitAll()
                .antMatchers("/level1/**").hasAnyRole("USER","ADMIN","SUPER_ADMIN")
                .antMatchers("/level2/**").hasAnyRole("ADMIN","SUPER_ADMIN")
                .antMatchers("/level3/**").hasRole("SUPER_ADMIN");

        //开启自动配置的登录功能
        // 进入自动来到 /login 请求来到登录页面
        // /login？error 重定向到这里表示请求失败
        http.formLogin()
                .usernameParameter("username")
                .passwordParameter("password")
                .loginPage("/toLogin")
                //登录表单提交请求
                .loginProcessingUrl("/login");


        //开启自动配置的注销功能  /logout 注销请求
        // http.logout();
        //注销成功后，跳转到首页
        //关闭关闭csrf功能:跨站请求伪造,默认只能通过post方式提交logout请求
        http.csrf().disable();
        http.logout().logoutSuccessUrl("/");



    }

    //定义认证规则

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.userDetailsService(userService).passwordEncoder(new PasswordEncoder() {
            @Override
            public String encode(CharSequence rawPassword) {
                return MD5Util.MD5EncodeUtf8((String)rawPassword);
            }

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                return encodedPassword.equals(MD5Util.MD5EncodeUtf8((String)rawPassword));
            }
        });




        //此处的用户名和密码可以自定义写在内存中也可以，使用数据库进行查找
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("zhangsan").password(new BCryptPasswordEncoder().encode("123456")).roles("vip2", "vip3")
                .and()
                .withUser("rootvip").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1", "vip2", "vip3")
                .and()
                .withUser("guest").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1", "vip2");

    }
}
